- #Redhat install smart card support how to#
- #Redhat install smart card support drivers#
- #Redhat install smart card support update#
- #Redhat install smart card support driver#
New hardware enablement in RHEL7.4+ will come through OpenSC. Note that for several cards which are supported in OpenSC’s upstream documentation that do not fall in one of the categories in the supported list above, Red Hat will provide ongoing assistance in a commercially reasonable manner.
#Redhat install smart card support drivers#
Applications that switch to OpenSC module will take in RHEL7.4 the advantage of the additional features and drivers of OpenSC as well as its enhanced support of cards of the PKCS#15 family.
![redhat install smart card support redhat install smart card support](https://ostechnix.com/wp-content/uploads/2021/08/Choose-base-environment.png)
In RHEL7.4 we introduce the OpenSC PKCS#11 module, which will accompany the CoolKey module, as a fully compatible replacement of it. In RHEL7.3 smart cards are accessed via the CoolKey PKCS#11 module. The list of supported hardware in the upstream project. The following list of smart card readers are tested and verified by Red Hat: Furthermore, additional readers may be supported on Red Hat’s discretion.
#Redhat install smart card support update#
Red Hat will periodically update the USB identifiers from the upstream project into our pcsc-lite-ccid driver. Most CCID compatible readers will work without any issue. In Red Hat Enterprise Linux, we follow the pcsc-lite upstream project in regards to smart card reader hardware support.
![redhat install smart card support redhat install smart card support](https://www.techotopia.com/images/4/4f/Rhel_8_vnc_putty_tunnels.png)
For example the OpenSC module as shipped by RHEL7.4, provides support for Yubikey, Nitrokey, and the US-government PIV and CAC cards on a single module. In the open source world, we have projects like OpenSC, which wraps several smart card drivers into a single shared module. That shared module can be imported by applications, and be used to communicate with the card directly.
#Redhat install smart card support driver#
Smart card vendors, often provide a shared module (.so file), which follows the PKCS#11 API, and serves as a driver for the card. The main method in RHEL for applications to access smart cards, is via a higher level API, the OASIS PKCS#11 API, which abstracts the card communication to specific commands that operate on cryptographic objects (private keys etc). The PC/SC low level communication is rarely seen on the application level. The daemon forwards the commands received to the card reader typically over USB. On the lower level, the operating system communicates with the smart card reader, using the PC/SC protocol, and this communication is performed by the pcsc-lite daemon.
![redhat install smart card support redhat install smart card support](https://access.redhat.com/webassets/avalon/d/Red_Hat_Certificate_System-9-Managing_Smart_Cards_with_the_Enterprise_Security_Client-en-US/images/171c9aa2cba2570d806767b11805bd13/ChangeSmartcardPassword.png)
![redhat install smart card support redhat install smart card support](https://smartliquidity.info/wp-content/uploads/2021/11/photo_2021-11-27_02-23-11.jpg)
Smart cards are typically handled on multiple layers and by multiple components, and for that we would like to provide a brief background to provide context for the following discussion.
#Redhat install smart card support how to#
If you search for a guide how to configure smart cards authentication from scratch in RHEL7, please use Smart Cards section in system-level Authentication Guide. If you search for smart card support for RHEL 8, please use the article 425386. In addition it provides information on how to investigate a potential incompatibility between the cards and RHEL. In Red Hat Enterprise Linux, we strive to support several popular smart cards types, however, as it is not possible to support every smart card available, this document specifies our targeted cards.